Or is that a client thing? Sorry for the double-reply.
Chris > From: "Craig Bowers" <[EMAIL PROTECTED]> > Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]> > Date: Thu, 29 May 2003 12:36:12 -0700 > To: "SIMS Discussions" <[EMAIL PROTECTED]> > Subject: Re: SMTP AUTH security/passwords transmitted in the clear? > > >> The only question I have is since the passwords are sent in the >> clear with >> SMTP AUTH (as opposed to APOP which encrypts passwords) has >> there ever been >> a known case of a hacker intercepting SMTP AUTH password >> transmissions to >> gain relay abilities on a mail server? This seems to be a >> security concern >> whereas with the APOP check before send hack I can't see any >> real security >> hole (especially with a 15 or 30 second "window" during which >> authenticated >> IPs are treated as clients). > > Well actually the SMTP AUTH doesn't have to be plain text. > You'll see SIMS supports LOGIN PLAIN and CRAM-MD5, if you telnet to SIMS > on port 25, and type EHLO > > Now as to the issue of what the clients support, you might consult a > table such as: > http://members.elysium.pl/brush/smtp-auth/client.html > > > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <[EMAIL PROTECTED]>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
